A team of German researchers has found a serious security flaw in AMD’s EPYC datacenter processors that enables them to extract plaintext data from VMs.
EPYC chips, which are mainly used in datacenter environments, are designed to automatically encrypt virtual machines (VMs) while in memory. The method EPYC chips use to do so is called Secure Encrypted Virtualization (SEV), and it keeps each VM in a different encrypted address space. SEV-encrypted data can only be decrypted as it’s leaving memory for the CPU and is automatically encrypted again when put back into memory.
It shouldn’t be possible for a VM to be decrypted by anything but the CPU of an EPYC chip—that means the hypervisor, malware, and other services running on a server should all be locked out.
Read more at TechRepublic.